Pathways to Higher Education Project

Center for Advancement of Postgraduate

Studies and Research in Engineering Sciences,
Faculty of Engineering - Cairo University
(CAPSCU)

Risk Assessment
and
Risk Management

Prof. Dr. Atef M. A-Moneim

 Risk Assessment
and
Risk Management

by
Prof. Dr. Atef M. A-Moneim
Director of Research Center for Database and
Programming Cairo University

Cairo
2005
Risk Assessment and Risk Management

First Published 2005

Published by Center for Advancement of Postgraduate Studies and Research

in Engineering Sciences, Faculty of Engineering - Cairo University (CAPSCU)
Tel: (+202) 5716620, (+202) 5678216
Fax: (+202) 5703620
Web-site: www.capscu.com
E-mail: capscu@tedata.net.eg

Deposit No. 9676/2005

ISBN 977-223-984-1

All Rights reserved. No part of this publication may be reproduced, stored in a

retrieval system, or transmitted in any form or by any means; electronic,
mechanical, photocopying, recording, or otherwise, without the prior written
permission of the publisher.
 Acknowledgment
On behalf of Pathways to Higher Education Management Team in Egypt, the Project
Coordinator wishes to extend his thanks and appreciation to the Ford Foundation (FF)
for its full support to reform higher education, postgraduate studies and research
activities in Egypt. The Management Team extend their special thanks and
appreciation to Dr. Bassma Kodmani, Senior Project Officer at the Ford Foundation
office in Cairo, who helped initiate this endeavor, and who spared no effort to support
the Egyptian overall reform activities, particularly research and quality assurance of
the higher education system. Her efforts were culminated by the endorsement to fund
our proposal to establish the Egyptian Pathways to Higher Education project by the
Ford Foundation Headquarters in New York.

The role of our main partner, the Future Generation Foundation (FGF), during the
initial phase of implementation of the Pathways to Higher Education Project is also
acknowledged. The elaborate system of training they used in offering their Basic
Business Skills Acquisition (BBSA) program was inspiring in developing the
advanced training program under Pathways umbrella. This partnership with an NGO
reflected a truly successful model of coordination between CAPSCU and FGF, and its
continuity is mandatory in support of our young graduates interested in pursuing
research activities and/or finding better job opportunities.

The contribution of our partner, The National Council for Women (NCW), is
appreciated. It is worth mentioning that the percentage of females graduated from
Pathways programs has exceeded 50%, which is in line with FF and NCW general
objectives. The second phase of the project will witness a much more forceful
contribution from the NCW, particularly when implementing the program on the
governorates level as proposed by CAPSCU in a second phase of the program.

We also appreciate the efforts and collaborative attitude of all colleagues from Cairo
University, particularly the Faculties of Commerce, Art, Mass Communication, Law,
Economics and Political Sciences, and Engineering who contributed to the success of
this project.

Finally, thanks and appreciation are also extended to every member of the Center for
Advancement of Postgraduate Studies and Research in Engineering Sciences
(CAPSCU), Steering Committee members, trainers, supervisors and lecturers who
were carefully selected to oversee the successful implementation of this project, as
well as to all those who are contributing towards the accomplishment of the project
objectives.
 Pathways Steering Committee Members
SN Member Name
1 Dr. Ahmed Aboulwafa
Mohamed
2 Dr. Ahmed Farghally
3 Dr. Ali Abdel Rahman
4 Dr. Bassma Kodmani
5 Dr. Fouad Khalaf
6 Dr. Hoda Rashad
7 Dr. Kamel Ali Omran
8 Dr. Mahmoud Fahmy
El Kourdy
9 Mr. Moataz El-Alfy
10 Mr. Mohamed Farouk
Hafeez
11 Dr. Mohamed K. Bedewy
12 Dr. Mohamed M. Megahed
13 Dr. Mohsen Elmahdy Said
14 Dr. Salwa Shaarawy Gomaa
15 Dr. Sami El Sherif
16 Dr. Sayed Kaseb
17 Dr. Zeinab Mahmoud Selim
CU Cairo University
FF Ford Foundation
CAPSCU Center for Advancement of Postgraduate Studies and Research in
Engineering Sciences, Faculty of Engineering - Cairo University
Title Institution
Professor and Chief of the Department of CU
Public International Law, Faculty of Law
and Ex-Vice Dean for Postgraduate
Studies, Faculty of Law
Professor of Accounting and Dean of the CU
Faculty of Commerce
President of Cairo University CU
Senior Program Officer, Governance and FF
International Cooperation, Ford
Foundation, Cairo Office
Ex-Project Manager, Project Consultant CU
and Local Coordinator of TEMPUS Risk
Project
Professor and Director of Social Research NCW
Center, American University in Cairo
(AUC)
Professor of Human Resources and CU
Organizational Behavior, Business
Administration and Ex-Vice Dean for
Postgraduate Studies, Faculty of
Commerce
Professor of Social Science and Ex-Vice CU
Dean for Students Affairs, Faculty of Arts
Vice Chairman of Future Generation FGF
Foundation
Secretary General and Board Member, FGF
Future Generation Foundation
Dean of the Faculty of Engineering and CAPSCU
Chairman of CAPSCU Board
Director of CAPSCU CAPSCU
Project Coordinator CU
Professor of Public Policy and Ex-Director NCW
of Public Administration Research & & CU
Consultation Center (PARC), Faculty of
Economics Political Sciences
Vice Dean for Students Affairs, Faculty of CU
Mass Communication
Project Manager CU
Professor of Statistics and Ex-Vice Dean CU
for Students Affairs, Faculty of Economics
and Political Sciences
NCW National Council for Women
FGF Future Generation Foundation
 Publisher Introduction
The Faculty of Engineering, Cairo University is a pioneer in the field of learning and
continual education and training. The Center for Advancement of Postgraduate Studies
and Research in Engineering Sciences, Faculty of Engineering - Cairo University
(CAPSCU) is one of the pillars of the scientific research centers in the Faculty of
Engineering. CAPSCU was established in 1974 in cooperation with UNIDO and
UNESCO organizations of the United Nations. Since 1984, CAPSCU has been
operating as a self-financed independent business unit within the overall goals of Cairo
University strategy to render its services toward development of society and
environment.

CAPSCU provides consultation services for public and private sectors and
governmental organizations. The center offers consultation on contractual basis in all
engineering disciplines. The expertise of the Faculty professors who represent the pool
of consultants to CAPSCU, is supported by the laboratories, computational facilities,
library and internet services to assist in conducting technical studies, research and
development work, industrial research, continuous education, on-the-job training,
feasibility studies, assessment of technical and financial projects, etc.

Pathways to Higher Education (PHE) Project is an international grant that was

contracted between Cairo University and Ford Foundation (FF). During ten years, FF
plans to invest 280 million dollars to develop human resources in a number of
developing countries across the world. In Egypt, the project aims at enhancing
university graduates' skills. PHE project is managed by CAPSCU according to the
agreement signed in September 22nd, 2002 between Cairo University and Ford
Foundation, grant No. 1020 - 1920.

The partners of the project are Future Generation Foundation (FGF), National Council
for Women (NCW) and Faculties of Humanities and Social Sciences at Cairo
University. A steering committee that includes representatives of these organizations
has been formed. Its main tasks are to steer the project, develop project policies and
supervise the implementation process.

Following the steps of CAPSCU to spread science and knowledge in order to

participate in society development, this training material is published to enrich the
Egyptian libraries. The material composes of 20 subjects especially prepared and
developed for PHE programs.

Dr. Mohammad M. Megahed

CAPSCU Director
April 2005
 Foreword by the Project Management
Pathways to Higher Education, Egypt (PHE) aims at training fresh university graduates in
order to enhance their research skills to upgrade their chances in winning national and
international postgraduate scholarships as well as obtaining better job.

Pathways steering committee defined the basic skills needed to bridge the gap between
capabilities of fresh university graduates and requirements of society and scientific research.
These skills are: mental, communication, personal and social, and managerial and team work,
in addition to complementary knowledge. Consequently, specialized professors were assigned
to prepare and deliver training material aiming at developing the previous skills through three
main training programs:
1. Enhancement of Research Skills
2. Training of Trainers
3. Development of Leadership Skills

The activities and training programs offered by the project are numerous. These activities
include:
1. Developing training courses to improve graduates' skills
2. Holding general lectures for PHE trainees and the stakeholders
3. Conducting graduation projects towards the training programs

Believing in the importance of spreading science and knowledge, Pathways management team
would like to introduce this edition of the training material. The material is thoroughly
developed to meet the needs of trainees. There have been previous versions for these course
materials; each version was evaluated by trainees, trainers and Project team. The development
process of both style and content of the material is continuing while more courses are being
prepared.

To further enhance the achievement of the project goals, it is planned to dedicate complete
copies of PHE scientific publications to all the libraries of the Egyptian universities and
project partners in order to participate in institutional capacity building. Moreover, the
training materials will be available online on the PHE website, www.Pathways-Egypt.com.

In the coming phases, the partners and project management team plan to widen project scope
to cover graduates of all Egyptian universities. It is also planned that underprivileged
distinguished senior undergraduates will be included in the targeted trainees in order to enable
their speedy participation in development of society.

Finally, we would like to thank the authors and colleagues who exerted enormous efforts and
continuous work to publish this book. Special credit goes to Prof. Fouad Khalaf for playing a
major role in the development phases and initiation of this project. We greatly appreciate the
efforts of all members of the steering committee of the project.

Dr. Sayed Kaseb Dr. Mohsen Elmahdy Said

Project Manager Project Coordinator

 Table of Contents

Chapter 1: Risk Definition 1

1.1 Identifying Risk 1
1.2 Common Risks 1
1.3 Categorizing Risks 3
1.4 Mitigating Risks 3

Chapter 2: Risk Management 7

2.1 Actions 8
2.2 Identifying Risk and Risk Classification 9
2.3 Risk Management 10
2.4 Expecting the Unexpected 12
2.5 Variation of Risk with the Project Management Life Cycle 13
2.6 Isolating Risk in the Work Breakdown Structure 13

Chapter 3: Risk Assessment 15

3.1 The Impact of Risk 15
3.2 Risk Assessment of Several Risks Combined 15
3.3 Accounting for Increased Costs or Reduced Revenues 21
3.4 Communicating the Risk Analysis 21

Chapter 4: Reducing Risk 23

4.1 Avoidance 23
4.2 Deflection 23
4.3 Contingency 26
4.4 Time and/or Cost 26
4.5 Contingency Plans 26
4.6 Controlling Risk 26
4.7 The Risk Management Plan 27
4.8 Monitoring Risk 27
4.9 Risk Reassessment 27

References 31
C6/1: Risk Assessment & Risk Management Risk Definition

Chapter 1: Risk Definition

A risk is a potential problem, a situation that, if it materializes,
may adversely affect the project. Risks that materialize are no
longer risks, they are problems.

All projects have risks, and all risks are ultimately handled: 1). Some
Definition disappear, 2). some develop into problems that demand attention,
and 3). a few escalate into crises that destroy projects. The goal of
risk management is to ensure that risks never fall into the third
category.

There are four steps to managing risks: identify them, categorize

them, mitigate them, and manage them.

1.1 Identifying Risk

Identifying
Risks Although all projects are different, the same risks those listed in
Table 1.1 tend to recur. The list in Table 1.1 is not exhaustive, and in
identifying the risks for a project, you must continually ask, What
can possibly go wrong?

If there is one risk that is universally the most dangerous for all
projects, it is the following:

Corporate management views the project managers

risk analysis as alarmist and will not take the risks
seriously until they materialize.

The only way to mitigate this risk is to document all other risks,
identify the actions you take, and keep a management informed,
especially as the risk becomes more probable. It is only by
stressing your risk analysis, by making explicit recommendations, and
by insisting that management understand the risks that you can avoid
having to say, See, I told you so.

Common
Risks 1.2 Common Risks
Staff,
equipment, Table 1.1 lists common risks that most projects will encounter;
client, scope, They form a starting point for developing a catalog of risks. However,
technology, the list is not exhaustive; most project managers will find several more
delivery and
physical
risks that they can add, and project experience will tend to increase
this number. When you are assessing the risks for your projects,
always refer to a list such as this. Otherwise, you run the project

Pathways to Higher Education 1

C6/1: Risk Assessment & Risk Management Risk Definition

management risk that not all project risks are identified.

Table 1.1: Sample list of project risks

Staff Risks
Key staff will not be available when needed.
Key skill sets will not be available when needed.
Staff will be lost during the project.

Equipment Risks
Required equipment will not be delivered on time,
Access to hardware will be restricted.
Equipment will fail.

Client Risks
Client resources will not be made available as required.
Client staff will not reach decisions in a timely manner.
Deliverables will not be reviewed according to the schedule.
Knowledgeable client staff will be replaced by those less
qualified.

Scope Risks
Requirements for additional effort will surface.
Changes of scope will be deemed to be included in the
project.
Scope changes will be introduced without the knowledge of
project management.

Technology Risks
The technology will have technical or performance limitations
that endanger the project.
Technology components will not be easily integrated.
The technology is new and poorly understood.
Delivery Risks
System response time will not be adequate.
System capacity requirements will exceed available
capacity.
The system will fail to meet functional requirements

Physical Risks
The office will be damaged by fire, flood, or other
catastrophe.
A computer virus will infect the development system.
A team member will steal confidential material and make it
available to competitors of the client.

Pathways to Higher Education 2

C6/1: Risk Assessment & Risk Management Risk Definition

Categorizing
Risks
1.3 Categorizing Risks
To describe There are numerous statistical methods for defining degree of
the risk as risks, but the simplest categorization, and therefore the most
extreme, high, effective, is to describe risks as extreme, high, medium, low, or
low or minimal
minimal.

The degree of risk depends upon two characteristics: the probability

that the risk will occur, and its impact on the project if it does.

Probability and impact are both categorized as high, medium, and

low, and their relationship, as illustrated in Table 1.2 indicates the
degree of risk.

Consider two risks: that a team member will resign during the project
and that a fire will consume the office, destroying the installation and
all the work that has been done. Both risks are of medium degree. In
the first case, although the probability is high, the impact is low: You
assume that the team member will give adequate notice and can be
easily replaced. The second risk has a high in fact, potentially
devastating impact, but the probability is low and the risk is easily
mitigated by ensuring proper off-site backup.

You categorize risks so that you can identify those that are the
most dangerous and therefore require the most attention. It is
the extreme and high risks that need your attention first.

Table 1.2: Categorization of degree of risk

Impact
Probability
High Medium Low
High Extreme High Medium
Medium High Medium Low
Low Medium Low Minimal

Mitigating 1.4 Mitigating Risks

Risks

By reducing its You mitigate a risk by reducing its probability, its impact, or
probability, its both. Since every project is unique, so are the mitigating actions.
impact or both However, some principles apply across projects and risks.

1. Remove excuses: When the project depends on someone (such

as a supplier, client, or line manager) to provide something (such
as staff, equipment, or material) in accordance with a schedule,
ensure that the provider knows the schedule, knows what is
expected, and understands the consequences of a slippage.
For major providers, such as the client, make up a schedule
giving the exact dates when the project will require resources. If

Pathways to Higher Education 3

C6/1: Risk Assessment & Risk Management Risk Definition

you have exact dates when the project will require client
resources. If you are not able to give an exact date now, give a
date by which you will be able to.

You remove excuses by providing visibility into the project, an active

process in which provides are forced to understand what is expected
of them. For example, if you have ordered a piece of equipment with
a two-month lead time to be delivered by a specified date, just putting
a required date on the purchase order is not enough. Four weeks
before delivery, call the sales representative to verify the
schedule. Three weeks prior, call to clarify, for example, the
power requirements. At two weeks, call to clear up a technical
question. One week ahead of time, call to establish shipping
procedures. With each call, of course, you will ask if there are any
problems that could delay delivery, and you will emphasize how
critical timely delivery is. After this series of calls, the supplier has no
excuses to fall back on. There is no guarantee, of course, that the
equipment will actually be delivered on time, but by actively reminding
the supplier of the schedule, you have reduced the probability of a
late delivery.

2. Demand visibility: when the project depends on someone

delivering something and there is a process that the provider
must follow before delivery, you must understand at least the
milestones of the process. For example, if a piece of equipment
must be manufactured, identify the checkpoints in the
manufacturing process, have the sales representative attach
dates to each checkpoint, and call on those dates to ensure that
the milestones have been met and there are no delays.

If the process is repetitive, such as client review and approval of

project documents, understand the process. What happens to a
document when it is received? Who reviews it? How are
individual reviews reconciled? Is there a final authority for
approval? Who? What is the priority of the project for the
reviewers? With this understanding, you will be able to suggest
changes in the process that will speed things up, if there are delays.

3. Help people communicate: When there is a surprise, the project

manger is frequently the last to know, even though the informal
communications network (or "rumor mill") among team members
and users contains various tidbits and snippets of information that
provide inklings of problems to come. Helping people to
communicate increases the probability that useful
information will find its way to you.

The communications network can provide advance warning that an

employee is dissatisfied and looking elsewhere, that the performance
of a system may be slower than required, that software components
may not integrate smoothly, or that covert scope changes are being

Pathways to Higher Education 4

C6/1: Risk Assessment & Risk Management Risk Definition

smuggled into the system. In other words, the rumor mill is a prime
course of information about emerging risks.

The key rule to using the rumor mill is, "Don't shoot the messenger."
No matter how painful the information, thank the deliverer; otherwise,
like the jilted spouse, you will be the last to know.

4. Plan fallbacks: If the technology does not perform adequately,

what can be done to improve it? If a critical team member is lost
to the project, how will those skills be replaced? If the building
burns down, how does the project recover? Fallbacks are your
plans for when the worst happens.

Fallbacks must be capable of being put into action, either now or

when they are needed, and they must be capable of being
handled within the budget, schedule, and functionality of the
project. If this is not the case, they are not fallbacks; they are
wishes with nothing to anchor them but the fervent hope they
will never have to be exercised.

Pathways to Higher Education 5

C6/1: Risk Assessment & Risk Management Risk Definition

Pathways to Higher Education 6

C6/1: Risk Assessment & Risk Management Risk Management

Chapter 2: Risk Management

Risk Risk management is both a planning and a managing activity. It
management
is not enough to set down some risks at the start of the project
Is continually and then ignore them. You must manage them.
reevaluating
the risks that Managing risks means continually reevaluating the risks that have
have been been defined and identifying new ones. There are three main
defined and
mechanisms for managing project risks; since they are only potential
identifying
new ones. problems, they are lower in priority than real ones. Therefore to
manage risks, you must ensure that they are an overt part of the
project team's, and your, consciousness.

All team members must be aware of the risks that have been
identified and awake to situations that affect them. To keep risks
visible, devote part of each team meeting to a "risk review" in which
the risks are addressed one by one, and team members are
instructed to comment on any thing that affects each risk. The
purpose of the risk review is not to take action; it is to identify what
risks, if any, have changed. The risk review also uncovers new risks
as team members become attuned to dangerous situations.

Your project status report should include a section entitled "Risk

Review" in which you report on risks that have become more, or less,
probable or serious. By regularly reporting risks, you are also able to
prepare management for unpleasant news so that it does not come
as a surprise.

Project manager reflection is thinking time apart from the daily

activities of the project. Devote part of that thinking time to
reviewing existing risks and identifying new ones.

Prepare a risk management work sheet, similar to the one in Table

2.1. The sample work sheet contains a short name of the risk to be
used in status reports or risk reviews, a longer description, and a
table to track how the risk has changed. When a risk has been
eliminated, enter "Resolved" under "Comments." The risk
management work sheet keeps the risks visible.

What If others claim that you have overstated the risks?

You may be faced with complacency on the part of the client or an

unwillingness to plan for problems. This becomes serious when the
client refuses to expend resources to mitigate a risk that you see as
high or extreme

Pathways to Higher Education 7

C6/1: Risk Assessment & Risk Management Risk Management

Actions
2.1 Actions
Seek other, less expensive mitigation procedures that you can
use to reduce the risk to some extent.
Seek other, Document your reasons for categorizing the risks as you did.
less State the probability and describe the impact in graphic terms.
expensive Present your analysis to the steering committee and request the
mitigation resources you need to mitigate the risk.
procedures
that you can
use to Table 2.1: Risks management worksheet
reduce the
risk to some Risk Management Worksheet
extent. Project : _______________________ Date : ______
Short name of the risk :

Description of the risk:

Date Comments Probability Impact Degree

If you are not given the resources you requested, alert your
management to the danger and ask if they can apply leverage to the
client.

Plan the actions you will take if the risk materializes.

You could be faced with a large number of high or extreme risks, all of
which require effort and action. You could also be led into mitigation
procedures that are excessive, expensive, and time-consuming.

If the risk assessments of others lead to a large number of high or

extreme risks, ask the complainants whether they really believe the
project is this risky and, if so, whether it should be undertaken. Most
people will back down and acknowledge that things are not as risky
as they have made out.

Pathways to Higher Education 8

C6/1: Risk Assessment & Risk Management Risk Management

Honor the risk assessment from others who are knowledgeable,

but do not be intimidated into abandoning your own view of the risk.
You will encounter people who will claim, usually loudly, that a risk is
"unacceptable" and cannot be mitigated except by the most extreme
safeguards. If your experience and that of others on your team tells
you that this opinion is alarmist, respect the risk, but prepare your
plans based on a more reasonable assessment.

Identifying 2.2 Identifying Risk and Risk Classification

Risk and
Risk
Risk can be defined as: hazard chance of bad consequence or
Classification
loss exposure to mischance. This definition captures the essence
A hazard of project risk, except that it implies that things are only expected to
chance of
go wrong. On projects, some risks carry an inherent chance of profit
bad
consequence or loss, and some carry a chance of loss only. The former are called
business risks and the latter insurable risks.

Business
2.2.1 Business Risks
Risks
The majority of risks are business risks. That is true for any part of
the operation, but especially for projects. On a project, business risks
may include: response of the market to a product; inflation weather or
the performance of technology and resources. The manager's role is
to increase the chance of profit and reduce the chance of loss.
However, the expectation is that, on average; the risks will turn out
worse than better because although the likelihood of profit and loss
may be the same, the maximum, possible loss is very much greater
than the maximum profit. The weather may be kind as often as it is
unkind. However, bad weather can stop work completely or even
destroy previous work, but good weather seldom allows work to
proceed at double the normal pace.

Insurable 2.2.2 Insurable Risks

Risks

Lead to loss Insurable risks lead to loss only, and are usually caused by
only and are external, unpredictable factors. These are called insurable. But it is
caused by not always possible to find a company to provide cover. For example,
external, war and civil disturbance are insurable risks, but are excluded from
unpredictable most policies. Insurable risks fall within four areas:
factors

Direct property damage

Consequential loss
Legal liability
Personal loss.

Direct damage can be to the facility, or to plant and equipment being

used in its delivery, and may be caused by fire, bad weather, or
damage during transportation. Consequential loss is lost production

Pathways to Higher Education 9

C6/1: Risk Assessment & Risk Management Risk Management

arising from the facility's being unavailable due to direct property

damage. It may be lost revenue or the cost of providing temporary
cover. Legal liability may arise from damage to property or injury to a
third party, or may be due to the negligence of others. It will also
cover liability under a contract for the failure of the facility to perform
either because it is late or because it fails to meet its specification.
Finally, there is the risk that members of the team may suffer injury
arising directly from their work on the project.

Risk
2.3 Risk Management
Management
Risk management is the process by which the likelihood of risk
occurring or its impact on the project is reduced. It has five steps:

1- Identify the potential sources of risk on the project.

2- Determine their individual impact, and select those with a
significant impact for further analysis.
3- Assess the overall impact of the significant risks.
4- Determine how the likelihood or impact of the risk can be
reduced.
5- Develop and implement a plan for controlling the risks and
achieving the reductions.

Identifying 2.3.1 Identifying Risk

Risk

Where One way of classifying risk is by where control of the risk lies.
control of risk However, project managers must have the right mental attitude to
lies risk, and expect risks where they are least expected. In that way, they
will be better able to respond to risks as they occur. They must also
be aware that exposure to risk can vary throughout the project
management life cycle.
Classifying
Risks 2.3.2 Classifying Risks
Five There are five classifications of risk according to where control
classifications lies:
according to
where control
lies a) External Unpredictable: These are risks beyond the control of
managers or their organizations, and are totally unpredictable.
They can be listed, but we cannot say which will be encountered
on a given project. They arise from the action of government,
third parties, or acts of God or from failure to complete the
project due to external influences. Government or regulatory
intervention can relate to supply of raw materials or finished
goods, environmental requirements design or production
standards or pricing. Many projects have been killed by the
unexpected requirement to hold a public enquiry into
environmental impact. Whether a change of government at an

Pathways to Higher Education 10

C6/1: Risk Assessment & Risk Management Risk Management

election falls in this or the following category is a moot point.

Action of third parties can include sabotage or war, and acts of
God are natural hazards such as an earthquake, flood, or the
sinking of a ship. Failure to complete can arise from the failure of
third parities to deliver supporting infrastructure of finance, or
finance, or their failure through bankruptcy, or a totally
inappropriate project design. By their nature, these risks are
almost all "insurable risks."

b) External Predictable Uncertain: These risks are beyond the

control of managers or their organizations. We expect to
encounter them, but we do not know to what extent. There is
usually data that allow us to determine a norm or average, but
the actual impact can be above or below this norm. There are
two major types of risk in this category: the first is the activity of
markets for raw materials or finished goods, which determines
prices, availability and demand; the second is fiscal policies
affecting currency, inflation and taxation. However, they also
include operational requirements such as maintenance,
environmental factors such as the weather, and social impacts
all are business risks.

c) Internal Technical: These risks arising directly from the

technology of the project work of the design construction or
operation of the facility or the design of the ultimate product.
They can arise from changes or from a failure to achieve desired
levels of performance. They can be 'business" or "insurable
risks" although in the latter case the risk is borne by the parent
organization, not by an outside insurance company. (The
premium paid is the investment in other products which far
exceed expectations).

d) Internal Non-Technical: These are risks within the control of

project managers, or their organizations, and are non-technical
in nature. They usually arise from a failure of the project
organization or resources (human material or financial) to
achieve their expected performance. They may result in
schedule delays, cost over-runs or interruption to cash flow.
These are usually "business" risks.

e) Legal: Legal risks fall under civil and criminal law. Risks under
civil law arise from contractual arrangements with clients,
contractors or third parties, or from licenses, patent rights
contractual failure or from force majeure (a unilateral claim by
one party to a contract). Risks under the criminal law are duties
imposed on both the owner and contractor. Under the Health
and Safety at Work Act 1974, all employers - not just in the
engineering industry - have a duty of care for their employees
and for the public. Therefore, project managers, their employers
(the contractors) and design teams can be held responsible if

Pathways to Higher Education 11

C6/1: Risk Assessment & Risk Management Risk Management

their negligence causes injury to any of the parties involved with

the project; including: the project team while working on the
project, users while operating the facility, and consumers using
the product produced by the facility. There have been successful
prosecutions in the engineering industry. With some of the
modern uses of computer systems, programmers must be aware
of the software errors leading to injury of a user or consumer.

Techniques 2.3.3 Techniques for Identifying Risk

for
Identifying There are five techniques for identifying risk. They are listed
Risk
separately, but are in practice used interactively:

1- Expert Judgment uses personal intuition and awareness.

This is the simplest technique, but is sufficient only on the
simplest projects. The use of checklists against the
categories identified above can help.

2- Plan Decomposition shows risks inherent in the

interdependency of work. Any event that lies at the start
or completion of many activities is a potential risk.
These occur at bottlenecks in the network. When analyzing
the plan, you should also look at all external interfaces such
as external supply, for potential failure of third parties.

3- Assumption analysis is win/lose analysis and focuses on

events that might be detrimental, considering both events
we want to occur but may not and events we do not want to
occur but may. Expert judgment is needed to foresee these
events and check for completeness. Table 2.2 contains an
assumption analysis on the purchase of a computer
system.

4- Decision drivers are influences that might determine

whether or not certain events may occur (inside and outside
the project). Win/lose analysis can be used to derive the
list of decision drivers. It can be particularly damaging if
decisions are made for the wrong reason: political versus
technical, marketing versus technical, solution versus
problem, short term versus long term, new technology
versus experience.
5- Brainstorming uses social interaction to enhance the
above techniques

Expecting 2.4 Expecting the Unexpected

the
Unexpected
The secret of clear risk identification is to be able to predict possible
causes of divergence from plan. It is the experience of many people
that failure occurs on a project where they least expect it. This is

Pathways to Higher Education 12

C6/1: Risk Assessment & Risk Management Risk Management

known as Sad's Law or Murphy's Law. It is sometimes stated as: if

something can go wrong it will; if something can't go wrong it will!

Table 2.2: Win/lose analysis for the purchase of a computer

system

System offered vs. system specified Winners Losers

Developer User
Quick cheap product
Sponsor
Developer Sponsor
Lots of nice to haves
User
Sponsor Developer
Driving too hard a bargain
User

The value of this attitude is that if you expect things to go wrong you
will be on your guard for problems, and will be able to respond quickly
to them. The failures may be ones you had predicted or ones you
least expect. If you anticipate problems, and plan appropriate
contingency, you will not be disrupted when those problems occur. If
the unexpected then also occurs, you will be able to focus your
management effort into the areas that might now cause greatest
disruption. This attitude of expecting risks and being ready to respond
is sometimes known as risk thinking. To some people it comes
naturally; others require structured, logical processes of risk
identification and analysis to support their response.

Variation of
Risk with 2.5 Variation of Risk with the Project
the Project Management Life Cycle
Management
Life Cycle
Like quality the impact of risk varies throughout the project
Like quality management life cycle. The later in the cycle risks occur, the more
the impact of expensive are their consequences, but to counteract that, the less
risk varies likely they are to occur. Risk can be reduced at the design stage by
throughout
the project
choosing a proven design rather than an untested one, or during the
management implementation stage by choosing proved methodologies. Whenever
life cycle. novelty is introduced the risk of failure grows throughout the life of the
project.

Isolating Risk 2.6 Isolating Risk in the Work Breakdown

in the Work
Breakdown Structure
Structure
Similarly, it is usually possible to isolate risk in the work breakdown
structure by identifying it as being associated with a certain part of the
project.

Pathways to Higher Education 13

C6/1: Risk Assessment & Risk Management Risk Management

Pathways to Higher Education 14

C6/1: Risk Assessment & Risk Management Risk Assessment

Chapter 3: Risk Assessment

Having identified possible sources of risk to the project, we need to
calculate their impact on the project. First we calculate the impact of
individual risks, and then determine their combined impact.

The Impact of
Risk
3.1 The Impact of Risk
The Impact of a risk factor depends on its likelihood of occurring and the
consequence if it does occur:

Impact of risk = (Likelihood of risk) * (Consequence of risk)

To illustrate this concept, consider the question of whether buildings in

Aswan have earthquake protection. The answer is: very few or none
have.

The consequence of an earthquake of force 8 on the Richter Scale

would be severe loss of life, however the probability (likelihood) of such
an earthquake is so small, virtually zero, that it is considered
unnecessary to take any precautions in ordinary buildings.

But Aswan Reservoir and Aswan Dam do have earthquake protections.

The likelihood of an earthquake is the same but the consequences of

that risk occurrence are unacceptably high income of the reservoir and
the dam.

3.2 Risk Assessment of Several Risks Combined

Risk
Assessment of
Several Risks Case Study: It is a rare project that has only a single source of risk, so
Combined to determine the total impact of risk on a project the elements must be
A Case Study combined. If we include all possible sources of risk into the model, it will
become impossibly complicated, so we limit our attention to the
significant few, the 20 per cent that have 80 per cent of the impact. The
work breakdown structure is a key tool in this integration of the risk. In
practice, there are two approaches:

- A top-down approach, in which key risk factors are identified and

assessed at a high level of work breakdown, and managed out of the
project

- A bottom-up approach. in which risks are identified at a low level of

Pathways to Higher Education 15

C6/1: Risk Assessment & Risk Management Risk Assessment

work breakdown, and an appropriate contingency made to allow for the

risk

3.2.1 The Top-Down Approach

The Top-Down
The top-down approach can provide managers with checklist of
Approach potential risk factors based on previous experience and can help
them to determine each risk's relative importance. Furthermore, by
identifying the controlling relationships at a high level it enables
project managers to find ways of eliminating the most severe risks
from their projects.

Figure 3.1 is the top-level network for a simple project to build a

warehouse where there are four packages of work, see Table 3.1.
Assuming end-to-start dependencies only, the duration of the project is
seven months. It might be possible to fast track the project by
overlapping work packages. However let us assume that, that is
impossible on the path A-C-D: it is not possible to buy the steel until the
design is finished and because all the steel will arrive at once, erection
cannot begin until the steel has arrived. It might be possible to start
work on the site before the design is finished, but there is no need
because the duration will be determined by the delivery of the steel.

1 2 3
Prepare site
-2 and foundation
0 3 3 3 2 6 5 2 7
Design building Erect steelwork
and foundation
0 0 3 3 2 5 5 0 7
Procure
steelwork
3 0 5

Figure 3.1: Simple precedence network for constructing a

warehouse

Table 3.1: Project to erect a warehouse

Preceding Duration
No Name of Work Package
Package (Months)
A Design building and - 3
foundation
B Prepare site and foundation A 2
C Procures steelwork A 2
D Erect steelwork B,C 2

Now let us consider the risks. Let us assume that the project will start at
the beginning of September, after the summer vacation. The risks are
as follows:

Pathways to Higher Education 16

C6/1: Risk Assessment & Risk Management Risk Assessment

1. The design of the building may take more or less than three
months. From previous experience, we may be able to say it will
take two, three or four months with the following probabilities:

- 2 months: 25 per cent

- 3 months: 50 per cent
- 4 months: 25 per cent
Hence it may be finished as early as the end of October, or may
stretch to the end of December.

2. The site cannot he prepared if there is snow on the ground. Snow

occurs in four months of the year with the following probabilities :
- December: 25 per cent
- January: 25 per cent
- February: 50 per cent
- March: 25 per cent

The duration of this work package is dependent on when it starts. If it

starts in October, it will take only two months; if it starts in November, it
will have the following range of durations, see Figure 3.2.
- 2 months: 75 per cent
- 3 months: 19 per cent
- 4 months: 3 per cent
- 5 months: 2 per cent
- 6 months: 1 per cent

There will be similar tables if the work were to start in December or

January, but with the probabilities weighted towards the longer
durations. In some circumstances, the preparation of the site will
become critical. Now it may be worthwhile trying to fast track the design
of the foundations. If the design could be completed by the end of
September, we could eliminate this risk entirely. If it is finished by the
end of October, there is a 75 per cent chance of the work being finished
on time. If the start of this work is delayed to December, there is only a
50 per cent chance. The choice will depend on the cost of fast tracking
the design of the foundations. There will be additional financial charges
if this work is completed early, it is unlikely that the cost of the design
will be greater per se, but there is a risk of re-work as described above
in identifying risk. In the event, you may actually make the decision on
the day depending on how the design of the steelwork is progressing,
and on other factors below.

Nov Dec Jan Feb Mar Apr Total

1.0 0.75
75%
0.25 0.25*0.75

Pathways to Higher Education 17

C6/1: Risk Assessment & Risk Management Risk Assessment

19%
0.25*0.25 0.06*0.50
3%
0.06*0.50 0.03*0.75
2%
0.03*.035 1.0
1%

Working

No Working

Figure 3.2: Calculating the duration or work package B with

November start

3. There may be two possible suppliers of steelwork: the more

expensive one can deliver in one month or two months with equal
probability; and the cheaper in two months or three months also
with equal probability. The delivery time therefore has the following
distribution:
- 1 month: 25 per cent
- 2 months: 50 per cent
- 3 months: 25 per cent

On the face of it, this appears the same as the design. However, the
power of this top-down approach is you can decide what to do on
the day when you know how long the design has taken and how
you are progressing with the foundations. To understand this we
need to address the fourth risk.

4. This is that the steelwork cannot be erected if there are strong

winds, and these occur with the following probability:
- February: 25 per cent
- March: 50 per cent

The duration of this work will also depend on when it starts as with
preparing the site. However, what we can see is that if the design
work finishes at the end of October then it will be better to use the
more expensive supplier. There will then be a 50 percent chance
that erection can begin in December and finish in January without
any delay, or a 50 per cent chance that it will begin in January, in
which case it will finish in February with a 75 per cent chance. This
is of course dependent on the foundations being ready, and so if it
looks as though the steelwork design will be completed early then it
will be worthwhile fast tracking the foundations. On the other hand,
if the design takes four months, it would be better to use the
cheaper supplier and just plan to start erecting the steelwork in April
saving on extra cost of the foundations and on having erection
fitters standing idle.

Pathways to Higher Education 18

C6/1: Risk Assessment & Risk Management Risk Assessment

This simple case shows that the top-down approach allows you to
analyze the interrelationships between elements of risk, and
management decisions based on that analysis and the actual out-turn.
Following a top-down approach, you are able to develop additional
detail in some areas. In the case above, for instance you could
introduce a lower level of work breakdown to find out how to fast track
the design of the foundations to reduce the risk. That requires the
design to be broken into smaller packages of work subject to strict
design parameters at the top level.

3.2.2 Influence Diagrams

Influence diagrams are tools - derived from a systems dynamics
approach -that can assist a top-down analysis. They show how risks
influence one another: some risks reinforce others (+), and some
Influence
Diagrams reduce others (-). Figure 3.3 is an example of an influence diagram. The
power of the technique is to identify loops of influence. Vicious
cycles have an even (or zero) number of negative influences, and
stable cycles an odd number. In Figure 3.3 loop ADEKLIBA is vicious,
and loop ADEGHJIBA is stable. In vicious cycle an externally imposed
influence can be amplified indefinitely.

3.2.3 The Bottom-Up Approach

The bottom-up approach analyses risk at a low level. It can identify
several critical paths, and calculate a range of outcomes for cost
The Bottom-Up and duration to enable the project manager to allow appropriate
Approach contingency. However, it is essentially a negative approach to risk,
as it assumes that risk elements are beyond the control of
managers. It does nothing to help the manager to quantify or
convey information for developing an appropriate management
response to reducing or eliminating risk.

The approach develops a detailed project model at a low level of

breakdown. Variable durations and / or costs are assigned to work
element, as in the above example. However, at a low level it is not
possible to calculate the various outcomes manually, as they were
above. Instead, we perform a Monte Carlo analysis. The project model
is analyzed many times: 100 to 10 000 is typical depending on the size
of the model. Each time a random number is drawn for each parameter
for which there is a range of values, and a value selected accordingly.
This makes the simplifying assumption that the risk elements are
unrelated which may not be the case, see Figure 3.3. The cost and
duration are then calculated using those values and a range of possible
outcomes calculated for the project. Effectively, the project is sampled
however many times the analysis is performed. The results of the Monte
Carlo analysis are presented as a probability distribution for time cost or
both. This may be a simple or cumulative distribution. Figure 3.4 shows
both distributions for the duration of the warehouse project, assuming

Pathways to Higher Education 19

C6/1: Risk Assessment & Risk Management Risk Assessment

the logic given in Table 3.1. For this simple case, the critical path may
go through either A-B-D or A-C-D, and the duration can be anything
from 6 to II months. The likelihood that either or both of the routes will
be the critical path is:

Critical path: A-B-D Both A-C-D

Likelihood: 52% 24% 24%

Figure 3.3: Influence diagram

Pathways to Higher Education 20

C6/1: Risk Assessment & Risk Management Risk Assessment

Probability the duration will equal

Probability the duration is less than

100% 100%

80% 80%

60% 60%

40% 40%

20% 20%
6 7 8 9 10 11
outcome

outcome
Figure 3.4: Simple and cumulative probability distributions for the
duration of the project to build a warehouse

The range of all possible outcomes is:

Duration (months): 6 7 8 9 10 11
Probability: 5% 13% 31% 41% 8% 2%
Cumulative: 5% 18% 496% 90% 98% 100%

With a project this small, it is just possible to calculate these numbers

by hand. With anything larger, the figures have to be determined using
a Monte Carlo analysis. From this we see that the median outcome is
eight months (half the time and the duration will be this or less) and that
90 percent of the time the duration will be less than nine months. The
most likely duration (the mode) is nine months. If nine month duration is
acceptable, we may accept these figures. If not, we would need to
shorten the project. The critical path figures show that the most useful
effort may be put into shortening A-B-D and that may suggest fast
tracking the design of the foundations. However, from this we do not
see the effect of the two suppliers. That can only be analyzed by the
top- down approach.

3.3 Accounting for Increased Costs or Reduced

Revenues
Accounting for
Increased
Costs or Monte Carlo analysts can also be applied to the costs and
Reduced revenues of a project, to produce a range of likely returns.
Revenues However, with the costs and revenues, the risk can be accounted for
directly by allowing a contingency.

3.4 Communicating the Risk Analysis

The ultimate purpose of the risk model is to communicate the
analysis to all the parties involved with the project:

Pathways to Higher Education 21

C6/1: Risk Assessment & Risk Management Risk Assessment

Communicating
the Risk - to the owners for them to assess its value,
Analysis
- to the champions, so they can give their support and
commitment to the project,
- to the project managers so that they can develop their project
strategies and perform what-if analyses,
- to the integrators, to enable them to manage the risks during
implementation,
- to people joining the project at a later time so they know what
assumptions have been made, and
- to the users so that they know the commitments they are
making.

To be an effective communication tool, the model must be simple,

robust, adaptable and complete. Achieving this requires considerable
effort. Structuring the model in order to achieve these requirements can
take 60 per cent of the total effort of risk analysis.

Pathways to Higher Education 22

C6/1: Risk Assessment & Risk Management Reducing Risk

Chapter 4: Reducing Risk

Having identified and assessed the risk you are in a position to consider
ways of reducing it. There are three basic approaches:

- Avoidance: having identified the risk, you replan to eliminate it

- Deflection: you try to pass the risk on to someone else
- Contingency: you take no action in advance of the deviations
occurring other than to draw up contingency plans should they
occur.

Pym and Wideman use an analogy of a man being shot at. He can take
cover to avoid the bullets: he can deflect them using a shield or divert the
bullets by placing someone else in the firing line: or he can allow them to
hit him and plan to repair the damage.

Avoidance
4.1 Avoidance
The warehouse project above showed how to avoid the risk of
snow holding up the preparation of the foundations, by starting the work
early enough so that it is finished before the snow comes. Under
avoidance you change the plan for anyone of the five system
objectives or any combination of them to reduce the risk or
eliminate it entirely.

Deflection 4.2 Deflection

There are three ways of deflecting risk:

- Through insurance: by which it is passed on to a third party.

- Through bonding: by which a security is held against the risk.
- Through the contract: by which it is passed between owner,
contractor and subcontractors.

1. Insurance: A third party accepts an insurable risk for the

payment of a, premium, which reflects the impact of the risk
and the likelihood combined with the consequence.

2. Bonding: One or both parties to a contract deposit money into

a secure account so that if they or either party defaults, the
aggrieved party can take the bond in compensation. This is a
way of transferring the risk of one party defaulting to that
organization.

Pathways to Higher Education 23

C6/1: Risk Assessment & Risk Management Reducing Risk

3. Contract: Through contracts the risk is shared between owner

contractor and subcontractors. There are two common
principles of contracts:

a) Risk is assigned to that pony most able and best

motivated to control it. There is no point passing risk onto a
contractor or subcontractor if neither has the power or the
motivation to control it. The Institution of Civil Engineers is
currently revising its standard forms of contract around this
principle. There are four styles of contract for different
approaches to sharing risk:
- Fixed price
- Cost-plus
- cost reimbursable
- Target cost.

b) Under fixed price contracts. In Figure 4.1-a, the contractor

accepts all the risk by taking a fixed fee for the work
regardless of how much it costs. It is assumed that the owner
has completely specified the requirements and as long as
they do not change the contractor can meet a given price.
This approach is adopted for turnkey contracts, where the
contractor takes full responsibility and delivers to the owner
an operating facility. The owner has no role in its
construction. Often in fixed price contracts the owner and
contractor haggle over every change arguing over which one
of them caused it and whether it is within the original
specification.

When the owner cannot specify the requirements, the contractor

should not accept the risk, but it should be borne by the owner. The
simplest way is through cost-plus contracts, Figure 4.1-b. The owner
refunds all the contractors costs and pays a percentage as profit. The
disadvantage is that the contractor is still responsible for controlling
costs, and yet the higher the costs the higher the profit. This is a recipe
for disaster as the party responsible for control is not motivated to do it; in
fact the exact opposite. It is possible to adopt strict change control and
that passes responsibility for controlling costs back to the owner, but can
lead to strife. Typically, cost-plus contracts are used on research
contracts.

Another way of overcoming the problem is to pay the contractor a

fixed fee as a percentage of the estimate, instead of a percentage of the
out-turn. This is a cost reimbursable contract. Figure 4.1-c. The
contractor can be motivated to control costs if paid a bonus for finishing
under budget, or charged a penalty if over budget. However, the
parameters for the bonus or penalty must be carefully set to ensure that
the accepted risk is not beyond the contractors control. Even without a
bonus the contractor may be motivated to control costs, as that increases
the percentage return.

Pathways to Higher Education 24

C6/1: Risk Assessment & Risk Management Reducing Risk

X+ X+

Payment

Payment
X X

Out-turn Out-turn
(a) Fixed price contract (b) Cost plus

X+
Payment

X X Payment
Out-turn Out-turn
(c) Cost reimbursable (d) Target price

Figure 4.1: Four types of contract

A related approach is target cost, Figure 4.1-d. The contractor is paid a

fixed price, if the out-turn is within a certain range typically 10 per cent
of the budget. If the cost goes outside this range, then the owner and
contractor share the risk at say 50p in the pound. If the costs exceed the
upper limit, the owner pays the contractor an extra 50p per pound of
overspend and if the price is below the range the contractor reduces the
price. This is often used on development projects where there is some-
idea of the likely out-turn but it is not completely determined. The
contractor may also share in the benefits from the product produced.
c) Risk is shared with subcontractors if it is within their sphere of
control. To achieve this, back-to-back contracts are used: the
clauses in the contract between owner and contractor are
included in that between contractor and subcontractors. In
some instances, where the contractor feels squashed
between two giants and accepts quite severe clauses from
the owner to win the work but believes that the
subcontractors will not accept them because they do not
need the work. This often happens to contractors on defense
or public sector projects. The way to avoid this is to try to get
the subcontractors to make their contracts directly with the
owner and use the owner's power to pull the supplier into

Pathways to Higher Education 25

C6/1: Risk Assessment & Risk Management Reducing Risk

line. The supplier may not need the business from the
contractor but may have a better respect for the owner.

4.3 Contingency
Contingency The third response to risk is to make an allowance for it by adding a
contingency. You can add an allowance to anyone of the five system
objectives, but typically there are two main approaches:

- Make an allowance by increasing the time and/or cost budgets.

- Plan to change the scope by drawing up contingency plans
should the identified risks occur.

4.4 Time and/or Cost

Time and/or
You can either add the allowance as a blanket figure calculated
Cost
through a bottom-up approach as above or you can add it work
element by work element. Either way, the project manager should
maintain at least two estimates, a raw estimate without contingency and
an estimate with contingency. The former called the baseline is
communicated to the project team as their working budget and the latter
to the owner for the provision of money and resources. The project
manager may also maintain two further estimates the most likely out-turn
the figure to which they are working and the current estimate, which is
the baseline with some contingency already consumed. The reason for
giving the project team the baseline or current estimate as their working
figure is that their costs will seldom be less than the estimate and will
consume contingency if it is given to them. The reason for
communicating the estimate with contingency to the owner is allow him to
budget for the maximum likely time and cost.

4.5 Contingency Plans

Contingency
Plans These are alternative methods of achieving the milestones to be
used in different circumstances. The alternative plans mayor may not
cost more money to implement though, presumably, if they cost less, it
would be better to follow them in the first place. On the extension to the
steam system on the ammonia plant above, it was shown how alternative
plans were available should the valve shut tight shut partially and not
shut at all. The latter plans each would have cost more than the first
which is the one we followed although the second would have only been
marginally more expensive.
However, it is better to plan to eliminate the risk than to plan how to over-
come it and it is better to plan how to overcome it than to increase the
cost and extend the duration to pay for it.
4.6 Controlling Risk
Pathways to Higher Education 26
C6/1: Risk Assessment & Risk Management Reducing Risk

Controlling
Risk Having identified ways of reducing risk, you can implement a plan to
control the reduction. There are four basic steps in control:

- Draw up a plan
- Monitor progress against the plan
- Calculate variances
- Take action to overcome variances.

4.7 The Risk Management Plan

Risk
Management The risk management plan identifies the risk associated with a
Plan project the means by which they have been assessed and the
strategy for their reduction. A risk item tracking form provides a
framework for recording the relevant information for each risk. The form
which may be held in a spreadsheet or computer database describes:

- Why the risk is significant?

- What is to be done to reduce it?
- When the risk will have its impact on the project?
- Who is responsible for resolving the risk?
- How the reduction will be achieved?
- How much it will cost to resolve the risk?

4.8 Monitoring Risk

Risk
Monitoring The risks are then monitored on a regular basis (weekly fortnightly
monthly or at other predetermined intervals) to determine how far
each risk has actually been reduced. At each review the risk tracking
forms arc sorted into their order of current importance. A list of the most
significant risks usually the "top-ten" is produced giving rank this period
rank last period and periods on the list.

4.9 Risk Reassessment

Risk
Assessment Reassessment should be carried out whenever new risks are
identified in the course of risk monitoring. In addition, there should be
explicit reassessment at key milestones in the project and at transition
between stages. The launch meetings for subsequent stages are ideal
media for this reassessment. All the above techniques are used for
reassessment. It is always easier to improve on an existing plan but there
is the disadvantage that new risks may be ignored. Figure 4.2 shows a
risk item tracking form for TRIMGI communication BV company.

TRIMAGI COMMUNICATIONS BV

Pathways to Higher Education 27

C6/1: Risk Assessment & Risk Management Reducing Risk

RISK ITEM TRACKING FORM PAGE 1 OF 2

PROJECT CODE
WORK PACKAGE CODE
ACTIVITY CODE
RISK NUMBER RISK IDENTIFIER
NATURE OF RISK EU/EP/lT/lN/L TYPE BUSINESS/INSURABLE
SOURCE CONTRACTUAL/MANAGEME NT/TECHNICAL /
CATEGORY PER SONNEL
DESCRIPTION:

IMPACT DATE: LIKELIHOOD LOW/MEDIUM/HIGH

SUBSIDIARY RISKS
ACTIVITY RISK IDENTIFIER
ACTIVITY RISK IDENTIFIER
RISK IMPACT
SEVERITY: VL/L/M/H/VH SEVERITY SCORE /5
UKEUHOOD SCORE /3 RISK SCORE /15
SS*LS=
IMPACT AREA
SCHEDULE
COST
PERFORMANCE:

RISK MONITORING
MONTH
RANK
TRIMAGI COMMUNICATIONS BV
RISK ITEM TRACKING FORM PAGE 2 OF 2
CORRECTIVE ACTION PROPOSED/APPROVED
DESCRIPTION

RISK REDUCTION
COST
RESPONSIBLE UKEUHOOD LOW/MEDIUM/HIGH
MANAGER
REVISED DATE

START DATE: CLOSURE

DATE:
REVISED IMPACT
SEVERITY SEVERITY SCORE /5
VL/L/M/H/VH RISK SCORE SS /15
UKEUHOOD SCORE /3 *LS =
IMPACT AREA :
SCHEDULE :
COST :
PERFORMANCE :
MONTH ACTION NEXT ACTION BY WHOM
TAKEN
ISSUE : DATE : AUTHOR : APPROVED :

Figure 4.2: Risk item tracking form

Example "How to reduce risks in projects?"

Pathways to Higher Education 28

C6/1: Risk Assessment & Risk Management Reducing Risk

Activity Immediate Duration in Time

Predecessor Units
Activity
A None 4
B None 1
C A 1
D B 1
E B 6
F C,D 5
G F 7
H E 4
I E 8
J H 1
K I 2
L J,K 5

4 5 10 22
9 10 15
C 22
F G
Start 2 9 1
A 1 4 10
5 7
16 End
4
0 4 J 5
1 D H 6 L
0
B 6 4 1 8
3 5
E 4 2 17
1 7 I K
7 15
1 7

15
Event 15

Activity
LL Latest time for event

t
Duration time

et Earliest time for

A, B,C, Symbols of activity
event

Remarks

Pathways to Higher Education 29

C6/1: Risk Assessment & Risk Management Reducing Risk

Out activity In activity

Beginning activity End event

Event does not occur except all it's in activities completed.

Activity can not start before its beginning event does occur.

Pathways to Higher Education 30

C6/1: Risk Assessment & Risk Management References

References
1. Hallows, J.E. (1998): Information Systems Project
References Management American Management Association, New York.

2. Turner, J. R. (1993): The Handbook of Project-based

Management McGraw-Hill Book Company, New York,
London.

Pathways to Higher Education 31

 Pathways to Higher Education Project
Pathways Mission
Training fresh university graduates in
order to enhance their research skills to
upgrade their chances in winning
national and international postgraduate
scholarships as well as obtaining better
job.
Partners
CAPSCU, Cairo University
Ford Foundation, USA
Future Generation Foundation, FGF
National Council for Women, NCW
Cairo University Faculties of
Commerce, Arts, Mass Communication,
Law, Economics & Political Science,
and Engineering
Training Programs
Enhancement of Research Skills
Training of Trainers
Development of Leadership Skills
Published by: CAPSCU Center for Advancement of Postgraduate Studies and
Research in Engineering Sciences, Faculty of Engineering - Cairo University
Tel: (+202) 5716620, (+202) 5678216
Web-site: www.capscu.com
Publications of Training Programs
1- Planning and Controlling
2- Systems and Creative Thinking
3- Research Methods and Writing Research
Proposals
4- Statistical Data Analysis
5- Teams and Work Groups
6- Risk Assessment and Risk Management
7- Argumentation: Techniques of
Measurement and Development
8- Communication Skills
9- Negotiation Skills
10- Analytical Thinking
11- Problem Solving and Decision Making
12- Stress Management
13- Accounting for Management and
Decision Making
14- Basics of Managerial Economics
15- Economic Feasibility Studies
16- Health, Safety and Environment
17- Wellness Guidelines: Healthful Life
18- Basic Arabic Language Skills for
Scientific Writing
19- General Lectures Directory
20- Enhancement of Research Skills
Graduation Projects Directory
Project Web-site
www.Pathways-Egypt.com
Fax: (+202) 5703620
E-mail: capscu@tedata.net.eg
32
33